
Web Surfers Face Dangerous New Threat: 'Clickjacking'

Discussion in 'Black Hat SEO' started by BlackSeo, Oct 9, 2008.

  1. BlackSeo

    BlackSeo Jr. VIP Premium Member
    Joined: Feb 18, 2007 | Messages: 232 | Likes Received: 305 | Occupation: Marketer | Location: In BlackHat World
    I found this info searching the net;

    Any ideas how to exploit this in a blackhat way, no stealing anything...:D

    BlackSeo
     
  2. tmd4183

    tmd4183 BANNED
    Joined: Jan 19, 2008 | Messages: 107 | Likes Received: 188
    This could be really dangerous - here is an example of the process in action -

    hxxp://www.breakingp0intsystems.c0m/community/blog/clickjacking

    xx's and 00's need to be changed
     
  3. wakkaoaka

    wakkaoaka BANNED
    Joined: Sep 14, 2008 | Messages: 1,113 | Likes Received: 782
    i dunno, you could use it as a backdoor pass into live cam sites? or use cam girls live video to help with e whoring?
     
  4. tmd4183

    Couple of simple examples could be:

    Clicks to adsense ads - could you imagine if you had $10 keyword clicks in the Ghost underlay

    Clicks to affiliate sites - CS from Myspace - imagine what $$$ that might bring

    limitless possibilities - why trick someone into clicking when you could force them to---

    I'll bet someone out there is pulling an all-nighter as we speak coding something
     
  5. BlackSeo

    tmd4183,

    looks like you are very versed on this matter, happy to read more about it...
     
  6. Dmore

    Dmore Newbie
    Joined: Sep 18, 2008 | Messages: 25 | Likes Received: 7 | Occupation: Web Developer | Location: California
    This guy created a free tool that allows anybody to do clickjacking and much more hxxp://www.in*guardians*com/themiddler*html.

    Dmore
    "The Stinking Capitalist Pig"
     
  7. billygood

    billygood Senior Member
    Joined: Sep 21, 2008 | Messages: 941 | Likes Received: 667 | Occupation: marketer | Location: Florida in the winter
    if you were going to clickjack google, then I would advise the following: heck, I know I am going to lose my AdWords account because of this

    step a) you will need a highly trafficked site with history or multiple sites that have a consistent volume,
    step b) you will only!!! do a 5% to 12% click rate ( no more than double the web sites historical click rate )
    step c) using your ad-server as the counter, set a specific number of page loads to signal when to activate the clickjacker
    step d) I would only route these people to a google search, not the ad themselves
    step e) ban the clickjacker from clicking when the IP address is from a search engine ( would be rather weird if google clicked itself ) and from NY and California.
    step f) buy multiple small live feeds for about a total of 2500 a month and get 250000 to 500000 page loads per day. ( @5% that's 12,500 clicks @.25 per click that's $3125.00 )
    step g) ramp up and ramp down the volume from the feeds, the more feeds you get the better it is, in fact I would spam Craigslist just to add the bullshit volume
    step h) after about 2 weeks, ramp everything down to normal volume and kill the clicker
    step I) you went from 100 per day all the way up to 3000, google will look at you real carefully, I would expect it not to work anyway, but if you got a decent site with traffic volume, I would think small incremental steps of click volume increases would not be noticed ( 1% or 2% ) per week until you double your click volume

    Just a quick note :
    you might want to rotate clicking google to clicking google, then Yahoo, then another program, could be real fun
     
    Last edited: Oct 9, 2008
  8. Dmore

    You're correct evilrabbi, but it required a certain level of skills to be able to carry it out. Now any Joe Blow with very little skill level can use this tool with success.

    Dmore
    "The Stinking Capitalist Pig"
     
  9. almir

    almir Power Member
    Joined: Jul 11, 2008 | Messages: 728 | Likes Received: 229
    Code:
    http://www.inguardians.com/themiddler.html
    Is this how the link should look?

    If it is, it's down for me
     
  10. Dmore

    Yes, that's the correct link. Their server must have crashed from all the traffic. I guess there's a lot of interest in this tool.:)

    Dmore
    "The Stinking Capitalist Pig"
     
  11. general_z

    general_z Junior Member
    Joined: Aug 12, 2008 | Messages: 120 | Likes Received: 32
    Uhm, I fail to see the "news" with this. It's JavaScript and browser errors. There are very many ways to manipulate browser behaviour with JavaScript. Haven't gotten into all of them myself but I've actually used scripts that stop FF, IE's - that rebinds buttons and disables them (like the F1-F12) in webapps for extended functionality and more common shortcuts etc etc etc.
     
  12. aaappp3

    aaappp3 Newbie
    Joined: Dec 14, 2007 | Messages: 34 | Likes Received: 11
    From what I've read so far about clickjacking it doesn't involve javascript, seems like a hidden div that follows your mouse around, then when you click on a link you're actually clicking on the div...
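
The overlay described in the post above depends on the target page being loadable inside a frame on someone else's site. As an added example (not part of the thread), this check classifies a site's own response headers by whether they prevent that, using the standard `X-Frame-Options` header and the CSP `frame-ancestors` directive; the function names and the returned labels are assumptions made for this example.

```javascript
// Added example: classify a response's anti-framing headers.
// Returned labels ('blocked', 'same-origin-only', 'allow-listed', 'frameable')
// are names chosen for this example, not part of any standard.

function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') return parts.slice(1);
  }
  return null;
}

function framingVerdict(headers) {
  // Header names are case-insensitive; normalise to lower case first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const csp = h['content-security-policy'];
  const sources = csp ? frameAncestors(csp) : null;
  if (sources !== null) {
    // When frame-ancestors is present it is enforced instead of X-Frame-Options.
    const lower = sources.map(s => s.toLowerCase());
    if (lower.length === 0 || (lower.length === 1 && lower[0] === "'none'")) return 'blocked';
    if (lower.every(s => s === "'self'")) return 'same-origin-only';
    if (lower.some(s => s === '*' || s === 'http:' || s === 'https:')) return 'frameable';
    return 'allow-listed'; // only the listed origins may embed the page
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin-only';
  // Missing header, obsolete ALLOW-FROM, or an unrecognised value: no protection.
  return 'frameable';
}
```

Any page with state-changing buttons or links that comes back `frameable` can be placed under an overlay like the one discussed here; `blocked` or `same-origin-only` is the result to aim for.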
     
  13. Dmore

    I posted an interesting video presentation in this http://www.blackhatworld.com/blackhat-seo/blackhat-lounge/27733-clickjacking-deep-blackhat.html.
    Dmore
    "The Stinking Capitalist Pig"
     
    Last edited: Oct 16, 2008